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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 
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earned patent term adjustment. - See 37 CFR 1.704(b). 
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Responsive to communication(s) filed on 10 November 2004 . 
2a)D This action is FINAL. 2b)S This action is non-final. 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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Application Papers 
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DETAILED ACTION 

1. This action is responsive to the communication filed on April*. 15, 2004. 
Claims 1-5 are pending. At this time, claims 1-5 are rejected. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) filed on November 10, 2005. 
The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the 
information disclosure statement is being considered by the examiner. 

Drawings 

3. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) 
because they do not include the following reference sign(s) mentioned in the 
description: Figures 12 and 13 do not include labels and reference numbers that 
describes in the specification (see paragraph 0010 of the specification). Corrected 
drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office 
action to avoid abandonment of the application. Any amended replacement drawing 
sheet should include all of the figures appearing on the immediate prior version of the 
sheet, even if only one figure is being amended. Each drawing sheet submitted after the 
filing date of an application must be labeled in the top margin as either "Replacement 
Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by 
the examiner, the applicant will be notified and informed of any required corrective 
action in the next Office action. The objection to the drawings will not be held in 
abeyance. 

Specification 

4. The disclosure is objected to because of the following informalities: 
Paragraph 0010 of the specification recites reference numbers that does not include in 
the drawings (see Figures 12 and 13 of the specification). Appropriate correction is 
required. 

Double Patenting 

5. The nonstatutory double patenting rejection is based on a judicially 
created doctrine grounded in public policy (a policy reflected in the statute) so as to 
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prevent the unjustified or improper timewise extension of the "right to exclude" granted 
by a patent and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 
1.321(d) may be used to overcome an actual or provisional rejection based on a 
nonstatutory double patenting ground provided the conflicting application or patent 
either is shown to be commonly owned with this application, or claims an invention 
made as a result of activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may 
sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully 
comply with 37 CFR 3.73(b). 

6. Claims 1-5 provisionally are rejected on the ground of nonstatutory double 
patenting over claims 1-5 of copending Application No. 10/824,865. This is a 
provisional double patenting rejection since the conflicting claims have not yet been 
patented. 

Claims 1-5 provisionally are also rejected on the ground of nonstatutory 
double patenting over claims 1, 13, 16, and 17 of copending Application No. 
10/825,007. This is a provisional double patenting rejection since the conflicting claims 
have not yet been patented. 

The subject matter claimed in the instant application is fully disclosed in 
the referenced copending application and would be covered by any patent granted on 



I 
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that copending application since the referenced copending application and the instant 
application are claiming common subject matter, as follows: 

Claims 1-5 recites the claimed language that is similar to those of claims 
1-5 of Application No. 10/824,865. 

In addition, claims 1-5 recites the claimed language that is similar to those 
of claims 1 , 1 3, 1 6, and 1 7 of Application No. 1 0/825,007. 

Furthermore, there is no apparent reason why applicant would be 
prevented from presenting claims corresponding to those of the instant application in 
the other copending application. See In re Schneller, 397 F.2d 350, 158 USPQ210 
(CCPA 1968). See also MPEP § 804. 

Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition 
of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

8. Claims 1-5 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

a. Referring to claims 1-5: 

Claims 1 and 4 recite "a method and a system for detecting 
vulnerabilities in source code." These claims are clearly directed toward a software 
program and they are non-statutory as not being tangibly embodied in a manner so as 
to be executable. Furthermore, Figure 13 and paragraph 0010 of the specification 
clearly disclose the computer programs being analyzing to detect the vulnerabilities 
such as buffer overflow, race conditions and privilege escalation. Therefore, claims 1 
and 4 recite a non-statutory subject matter. 

Claims 2-3 and 5 are depended on claims 1 and 4 respectively, 
thus they are rejected with the same rationale applied against claims 1 and 4 above. 

Claim Rejections - 35 USC § 102 
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9. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

10. Claims 1-5 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Viega et al., "ITS4: A Static Vulnerabilities Scanner for C and C++ Code," 2000. 

a. Referring to claim 1: 

i. Viega teaches a method of detecting vulnerabilities in source 

code comprising: 

(1) generating a model which describes certain 
characteristics about the actions to be performed in a routine (see section 4.1 of 
Viega), and 

(2) using the model in conjunction with pre-specified 
criteria for the corresponding routine to determine whether the routine possesses 
vulnerabilities which could enable actions in the routine to be performed outside of the 
intended design (see column 4 of section 1, 4.4, and 4.5 of Viega). 

b. Referring to claim 2: 

i. Viega further teaches: 

(1) wherein the vulnerabilities are privilege escalations 
(see column 4 of section 1 of Viega). 

c. Referring to claim 3: 

i. Viega further teaches: 

(1) wherein the pre-specified criteria for the 
corresponding routine includes rules about the semantic behavior of the routine (see 4.1 
and section 4.4.1). 

d. Referring to claim 4: 



Application/Control Number: 10/824,684 
Art Unit: 2135 



Page 6 



i. This claim consist a system for detecting vulnerabilities in 
source code to implement claim 1, thus it is rejected with the same rationale applied 
against claim 1 1 above. 

e. Referring to claim 5: 

i. Viega further teaches: 

(1) wherein the computed implemented logic for using the 
model in conjunction with pre-specified criteria for the corresponding routine to 
determine whether the routine possesses vulnerabilities which could enable actions in 
the routine to be performed outside of the intended design includes a database 
specifying rules to detect vulnerabilities based on an analysis of the models (see 4.2 of 
Viega). 

Conclusion 

1 1 . The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. O'Brien et al (US 6,654,782) discloses a system and method for 
dynamically processing a network event using an action set in a distributed computing 
environment (see abstract). 

b. Flowers et al (US 7,073,198) discloses a system and method in 
accordance with the invention reliably and non-intrusively identifies various conditions of 
a network (see abstract). 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
571-273-8300. 

Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the receptionist whose telephone 
number is 571-272-2100. 
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